Download
| Alert*
oval:org.secpod.oval:def:1800806
Fixed in gnutls 3.5.13 Reference Patches oval:org.secpod.oval:def:2101183 GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. oval:org.secpod.oval:def:1800723 Fixed In: gnutls 3.5.13 Reference: Patches: oval:org.secpod.oval:def:1800736 Fixed in: gnutls 3.5.13 Reference: Patches: oval:org.secpod.oval:def:89044554 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding - Address read of 4 bytes past the end of buffer in OpenPGP certifi ... oval:org.secpod.oval:def:602943 Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash . oval:org.secpod.oval:def:703653 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:112455 GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other r ... oval:org.secpod.oval:def:51818 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:1501946 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502079 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A double-free flaw was found in the way GnuTLS p ... oval:org.secpod.oval:def:204617 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A double-free flaw was found in the way GnuTLS p ... |